I'm facing a problem regarding my desktop. Recently it was infected with a
virus but I managed to clean and disinfect all the malware which attacked my
PC. After a restart, I wasn't able to see all my network adapters in network
connection folder. When I refresh it always gives me a message that "The
Network Connection Folder was unable to retrieve the list of network adapters
on your machine. Please make sure that the Network Connection service is
enabled and running". I checked my services and found out that network
connection services and other services were missing. How do I fix this?

•

What you're experiencing is fairly common. Not the "network connections"
part - I've actually never heard of that specific symptom before - but the part
where, after eradicating a virus or other form of malware, Windows is left in a
somewhat broken state.

They symptoms vary, but the bottom line is the same. To put it in terms of
some American slang: Windows "just ain't right".

I'll look at why that might be, and what you can do about it.

I'll warn you: you probably won't like my recommendation.

•

Malware works a couple of different ways.

The most common way these days is where it copies files containing malicious
software on to your system and then causes those files to be run by adding
information to places like the registry. With that information, Windows might be
instructed to automatically run the software on every reboot, or under other
conditions. When cleaning your system anti-malware programs both remove the
malicious files, and then remove those malicious instructions that cause the
malware to run.

Another approach that malware also uses is to modify existing files. For
example, malware might not copy in any additional files, but rather take an
existing system file - typically an "exe" or "dll" file - and re-write it to
include the malware's own code. That way, whenever the system file is used by the system the
malware is run.

Anti-malware programs face a dilemma when this kind of technique is used.
Where normally they might remove the infected file, since it's a system file
removing it might have adverse side effects on the operation of the system. Yet,
sometimes that's exactly what they do: remove or quarantine the infected system
file. As we've seen in the past that can result in the system becoming unusable.

Since the specifics and the techniques vary, the side-effects of removing a
virus aren't always quite so dramatic. The principle still remains: it's
possible that removing a virus can actually harm your system.

And it sounds like that's exactly what's happened to you: some component of
Windows networking has been compromised, either by the malware itself, or the
removal of that malware.

At a minimum you'll need to somehow repair Windows. I'll get to that in a
moment.

First, I need to remind you of another unpleasant fact: you don't know that
your machine is actually malware free.

Once your machine has been infected, it's no longer your machine. Malware
could have done anything. There is no guarantee that your anti-malware
software removed everything. Not all programs detect and remove all
malware.

Your machine could still be infected.

So with those two facts in mind:

Windows needs repairing

Your machine could still be infected

My recommendations, starting with the safest possible approach:

Reinstall: Backup and reinstall Windows, all
applications and your data from scratch. While this is extremely painful to do,
it's really the only way to know that you've eradicated the virus and anything else
it may have allowed to enter your machine. The initial backup is to preserve
any data and other files that you may need to recover after everything has been
reinstalled. Of course care will need to be taken to ensure that when you
restore files from that backup you're not restoring infected files. Typically,
that means you only restore data files and never programs from the backup.
You'll need your Windows installation media for this approach, and the
installation media or original downloads for all the programs on your
machine.

Revert: Backup your current system, and then
revert to a system backup image taken prior to the infection. Backup
first so that you have copies of any data files that changed since that earlier
backup was taken. This is perhaps the simplest approach of all, but does
require that you've been doing periodic image backups prior to the infection,
and that you can correctly identify a point in time at which your machine was
not infected by the malware you removed.

Repair: A repair install of Windows uses your
installation media to reinstall Windows "in place". How
should I reinstall Windows? includes links to a couple of older articles on
other sites on performing a "repair" install.

SFC: The System File Checker, or SFC, does exactly
what its name implies: for a majority of the files that comprise Windows it
checks them to make sure that they are present, and that they are the correct
unmodified copies. Note that SFC does not scan data like the registry, it's
simply a file checker. If files need to be repaired, you may be asked to provide
your original installation media so that SFC can access the unblemished copy.
Sadly, SFC can get a little confused after a service pack or two (particularly
if you elect not to save backup copies when the service pack is installed). But
when it works it's a fairly easy solution.

Other alternatives that people may think of include:

System Restore: System Restore does not live up to its
name: it does not restore your system. Rather, I think of it as a glorified
registry backup with perhaps a few other files along for the ride. When it's
available (it's often not), it uses data that has been saved on your hard disk
- the very same hard disk that was just infected with malware. My implication
is that you simply don't know that the data used by System Restore has not
itself been compromised. I warn people against relying on System Restore for
many reasons. (But yes, it can be worth a try in a pinch. But you still won't
know that malware has been removed.)

Recovery Partition (or Disc): The recovery disc (which is
different than an installation disc) varies from manufacturer to manufacturer
but typically does not include a copy of the operating system. Rather, it
relies on a partition - possibly a hidden partition - from which it then
restores the operating system. Once again, that partition is on the very system
that was compromised, so it's possible that the data to be used in recovery is
itself compromised. (And yes, also once again, it's worth a try in a pinch. But
like System Restore, I warn people against relying on recovery partitions.)

The safest approach, by far, is to reinstall Windows. But given how painful
that is, the alternatives that follow it are often more practical.

And hopefully this will reinforce the need for a) getting Windows
installation media, and b) backing up completely and regularly.

And of course not allowing your machine to be infected with malware in the first
place.

Leo A. Notenboom has been playing with computers since he
was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed.
After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers
to common computer and technical questions. More about Leo.

Thanks for the solution Leo, actually i already backup all my files and install a fresh windowsXP.

Ben Jack Rudismith Stevens
May 28, 2010 6:31 AM

'' a good tutorial, i have had problems dealing with viruses before, i am not a whizz, but this tutorial simply helps me to learn from my mistakes, thanks leo, ur a whizzard

Steve Austin
May 29, 2010 4:19 AM

Looking for something like this from a very long time, thanks for sharing this article.

Reid
June 1, 2010 8:59 AM

Having worked on countless virus-infected PCs over the years, I agree 100% with your advice above. Whenever possible, I opt for a complete reinstall. Painful and time consuming, yes, but worth the effort. The PC or laptop usually runs a lot better, too, as most people have tons of bloatware and other non-essential, performance-sapping software on their machine.

Dan Gayman
June 1, 2010 9:43 AM

''simply the perfect solution to my common virus prob's many thanks for the tutorial leo''

Bob Strombeg
June 1, 2010 9:58 AM

I second Reid's comment. I scratch my head about people who claim they can "clean" Windows PCs. How, o how do you KNOW when you are done? With malware that is polymorphic (changes shape) and stealthy (hides from the OS and from anti-malware programs), the best assurance of success is by a reinstall, preferably from a "known good" clone image. There are no guarantees but I think you can get to "high assurance" that the system is infection free. NOTE: I hardly ever use a Windows computer to do online shopping or banking.

Glenn Meyer
June 1, 2010 12:54 PM

I have yet another option: Boot the system from one of the Linux-based repair CDs, such as SystemRescueCD and RIP. If you're a Linux user and your significant other insists on using Windows, this can be a good way to restore clean copies of the files your AV program deleted. The trouble with the reinstall technique, besides being extremely painful, is that it doesn't put everything back the way it was before theinfection occurred. In some situations it's best to deal with the infected files you can find, and wait for the next infection to crop up, as it always will.

Dale Forguson
June 1, 2010 5:20 PM

I'm in the computer support business and I agree that you can't know with certainty that you have a completely clean machine, but there are times when a rebuild isn't an option. There are a lot of tools on the web that I have used with good success to clean machines. I always use several to improve my odds of success. Malwarebytes.org, Superantispyware.com, Spybot S&D (yes it's still in my bag of tricks),combofix, hijackthis, to name a few. You can do more harm than good with some of these tools. If you're unsure ask for help. Two worthwhile websites are bleepingcomputer.com and majorgeeks.com. If you're willing to pay for advice experts-exchange.com is one of the very best. Older backup software may not backup files that are in use like user.dat. I take the approach that you don't have a backup till you have demonstrated a restore. Most non-techs aren't willing to do that. No one solution is appropriate in every case. An ounce of prevention is worth a pound of cure. In most malware infections the problem originated between the chair and the keyboard.

johnpro2
June 1, 2010 8:34 PM

Windows has to become 100% lockable otherwise this blight will haunt the world's computers for many more years.
I use a non writable operating system for banking and on line shopping ...
The boot time is only a few minutes and safety is so far in front of Windows it is a no contest race.Bootable live systems are available here for free.http://www.thefreecountry.com/operating-systems/linux-livecd-distributions.shtml

Saetana
March 27, 2012 8:36 PM

Reformatting the hard drive and reinstalling Windows is the only solution I would ever consider to a virus attack. You have no way of knowing which parts of your software have been affected by the virus. Make sure your personal documents, photos etc are backed up to a disk or USB drive - yes installing all my software again is a pain but this is not an area you should take any risks with. Also be wary of using disk images if you have no idea how long you have had the infection - you may well put the virus back on your PC if you took a backup image since the infection.

•

Comments on this entry are closed.

If you have a question, start by using the search box up at the
top of the page - there's a very good chance that
your question has already been answered on Ask Leo!.